From e9f22edd02e5e33bfa290bb6ed904763ca8e0cad Mon Sep 17 00:00:00 2001 From: Jacob Jackson Date: Sat, 8 Oct 2022 00:27:47 +0000 Subject: [PATCH 1/3] challenger --- plonky2_verifier/challenger.go | 139 +++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 plonky2_verifier/challenger.go diff --git a/plonky2_verifier/challenger.go b/plonky2_verifier/challenger.go new file mode 100644 index 0000000..3d60c83 --- /dev/null +++ b/plonky2_verifier/challenger.go @@ -0,0 +1,139 @@ +package plonky2_verifier + +import ( + "github.com/consensys/gnark/frontend" +) + +type V = frontend.Variable + +type Challenger struct { + sponge_state: [SPONGE_WIDTH]V + input_buffer: []V + output_buffer: []V +} + +// pub struct Challenger { +// sponge_state: [GoldilocksField; SPONGE_WIDTH], +// input_buffer: Vec, +// output_buffer: Vec +// } + +func NewChallenger() Challenger { + var sponge_state [SPONGE_WIDTH]V + for i := 0; i < SPONGE_WIDTH; i++ { + sponge_state[i] = 0 + } + return Challenger { + sponge_state: sponge_state, + input_buffer: []V{}, + output_buffer: []V{}, + } +} +// pub fn new() -> Challenger { +// return Challenger { +// sponge_state: [GoldilocksField::ZERO; SPONGE_WIDTH], +// input_buffer: Vec::with_capacity(SPONGE_RATE), +// output_buffer: Vec::with_capacity(SPONGE_RATE) +// }; +// } + +func (c *Challenger) observe_elements(elements []V) { + for _, element := range elements { + c.observe_element(element) + } +} +// pub fn observe_elements(&mut self, elements: &[GoldilocksField]) { +// for &element in elements { +// self.observe_element(element); +// } +// } + +func (c *Challenger) observe_hash(hash []V) { + c.observe_elements(hash) +} +// pub fn observe_hash(&mut self, hash: Vec) { +// self.observe_elements(&hash.to_vec()) +// } + +func (c *Challenger) observe_element(element V) { + c.output_buffer = V[]{} + c.input_buffer = append(c.input_buffer, element) + if len(c.input_buffer) == SPONGE_RATE { + c.duplexing() + } +} +// pub fn observe_element(&mut self, element: GoldilocksField) { +// self.output_buffer.clear(); +// self.input_buffer.push(element); +// if self.input_buffer.len() == SPONGE_RATE { +// self.duplexing(); +// } +// } + +func (c *Challenger) observe_cap(cap [][]V) { + for _, hash := range cap { + c.observe_hash(hash) + } +} +// pub fn observe_cap(&mut self, cap: &Vec>) { +// for hash in cap.into_iter() { +// self.observe_hash(hash.clone()); +// } +// } + +func (c *Challenger) duplexing() { + if len(c.input_buffer) > SPONGE_RATE { panic("buffer too large") } + + for i, input := range c.input_buffer { + c.sponge_state[i] = input + } + c.input_buffer = V[]{} + + c.sponge_state = poseidon(c.sponge_state) + + c.output_buffer = c.sponge_state[:SPONGE_RATE] +} +// fn duplexing(&mut self) { +// assert!(self.input_buffer.len() <= SPONGE_RATE); + +// for (i, input) in self.input_buffer.drain(..).enumerate() { +// self.sponge_state[i] = input; +// } + +// self.sponge_state = poseidon(self.sponge_state); + +// self.output_buffer.clear(); +// self.output_buffer +// .extend_from_slice(&self.sponge_state[0..SPONGE_RATE]); +// } + +func (c *Challenger) get_challenge() V { + if len(c.input_buffer) > 0 || len(c.output_buffer) == 0 { + c.duplexing() + } + result := c.output_buffer[len(c.output_buffer) - 1] + c.output_buffer = c.output_buffer[:len(c.output_buffer) - 1] + return result +} +// pub fn get_challenge(&mut self) -> GoldilocksField { +// if !self.input_buffer.is_empty() || self.output_buffer.is_empty() { +// self.duplexing(); +// } + +// self.output_buffer +// .pop() +// .expect("Output buffer should be non-empty") +// } + +func (c *Challenger) get_n_challenges(n int) []V { + result := make([]V, n) + for i := 0; i < n; i++ { + result[i] = c.get_challenge() + } + return result +} +// pub fn get_n_challenges(&mut self, n: usize) -> Vec { +// (0..n).map(|_| self.get_challenge()).collect() +// } +// } + From 8798b435d3ea1fcbdbc5231ceb9014c4c02d0685 Mon Sep 17 00:00:00 2001 From: Jacob Jackson Date: Sat, 8 Oct 2022 00:28:15 +0000 Subject: [PATCH 2/3] strip out comments from original code --- plonky2_verifier/challenger.go | 60 ---------------------------------- 1 file changed, 60 deletions(-) diff --git a/plonky2_verifier/challenger.go b/plonky2_verifier/challenger.go index 3d60c83..f4c4e5e 100644 --- a/plonky2_verifier/challenger.go +++ b/plonky2_verifier/challenger.go @@ -12,12 +12,6 @@ type Challenger struct { output_buffer: []V } -// pub struct Challenger { -// sponge_state: [GoldilocksField; SPONGE_WIDTH], -// input_buffer: Vec, -// output_buffer: Vec -// } - func NewChallenger() Challenger { var sponge_state [SPONGE_WIDTH]V for i := 0; i < SPONGE_WIDTH; i++ { @@ -29,31 +23,16 @@ func NewChallenger() Challenger { output_buffer: []V{}, } } -// pub fn new() -> Challenger { -// return Challenger { -// sponge_state: [GoldilocksField::ZERO; SPONGE_WIDTH], -// input_buffer: Vec::with_capacity(SPONGE_RATE), -// output_buffer: Vec::with_capacity(SPONGE_RATE) -// }; -// } func (c *Challenger) observe_elements(elements []V) { for _, element := range elements { c.observe_element(element) } } -// pub fn observe_elements(&mut self, elements: &[GoldilocksField]) { -// for &element in elements { -// self.observe_element(element); -// } -// } func (c *Challenger) observe_hash(hash []V) { c.observe_elements(hash) } -// pub fn observe_hash(&mut self, hash: Vec) { -// self.observe_elements(&hash.to_vec()) -// } func (c *Challenger) observe_element(element V) { c.output_buffer = V[]{} @@ -62,24 +41,12 @@ func (c *Challenger) observe_element(element V) { c.duplexing() } } -// pub fn observe_element(&mut self, element: GoldilocksField) { -// self.output_buffer.clear(); -// self.input_buffer.push(element); -// if self.input_buffer.len() == SPONGE_RATE { -// self.duplexing(); -// } -// } func (c *Challenger) observe_cap(cap [][]V) { for _, hash := range cap { c.observe_hash(hash) } } -// pub fn observe_cap(&mut self, cap: &Vec>) { -// for hash in cap.into_iter() { -// self.observe_hash(hash.clone()); -// } -// } func (c *Challenger) duplexing() { if len(c.input_buffer) > SPONGE_RATE { panic("buffer too large") } @@ -93,19 +60,6 @@ func (c *Challenger) duplexing() { c.output_buffer = c.sponge_state[:SPONGE_RATE] } -// fn duplexing(&mut self) { -// assert!(self.input_buffer.len() <= SPONGE_RATE); - -// for (i, input) in self.input_buffer.drain(..).enumerate() { -// self.sponge_state[i] = input; -// } - -// self.sponge_state = poseidon(self.sponge_state); - -// self.output_buffer.clear(); -// self.output_buffer -// .extend_from_slice(&self.sponge_state[0..SPONGE_RATE]); -// } func (c *Challenger) get_challenge() V { if len(c.input_buffer) > 0 || len(c.output_buffer) == 0 { @@ -115,15 +69,6 @@ func (c *Challenger) get_challenge() V { c.output_buffer = c.output_buffer[:len(c.output_buffer) - 1] return result } -// pub fn get_challenge(&mut self) -> GoldilocksField { -// if !self.input_buffer.is_empty() || self.output_buffer.is_empty() { -// self.duplexing(); -// } - -// self.output_buffer -// .pop() -// .expect("Output buffer should be non-empty") -// } func (c *Challenger) get_n_challenges(n int) []V { result := make([]V, n) @@ -132,8 +77,3 @@ func (c *Challenger) get_n_challenges(n int) []V { } return result } -// pub fn get_n_challenges(&mut self, n: usize) -> Vec { -// (0..n).map(|_| self.get_challenge()).collect() -// } -// } - From cae5d3b45fd12963ee059dfd1c1c0ca708e7df2c Mon Sep 17 00:00:00 2001 From: jtguibas Date: Mon, 10 Oct 2022 15:11:32 -0700 Subject: [PATCH 3/3] added public inputs hash test, challenger test --- plonky2_verifier/challenger.go | 114 +++++++++++++++------------ plonky2_verifier/challenger_test.go | 117 ++++++++++++++++++++++++++++ poseidon/poseidon.go | 37 ++++++++- poseidon/poseidon_test.go | 59 ++++---------- poseidon/public_inputs_hash_test.go | 60 ++++++++++++++ utils/utils.go | 25 ++++++ 6 files changed, 317 insertions(+), 95 deletions(-) create mode 100644 plonky2_verifier/challenger_test.go create mode 100644 poseidon/public_inputs_hash_test.go create mode 100644 utils/utils.go diff --git a/plonky2_verifier/challenger.go b/plonky2_verifier/challenger.go index f4c4e5e..cf052e2 100644 --- a/plonky2_verifier/challenger.go +++ b/plonky2_verifier/challenger.go @@ -1,79 +1,97 @@ package plonky2_verifier import ( + "fmt" + . "gnark-ed25519/goldilocks" + "gnark-ed25519/poseidon" + . "gnark-ed25519/poseidon" + "github.com/consensys/gnark/frontend" ) -type V = frontend.Variable - -type Challenger struct { - sponge_state: [SPONGE_WIDTH]V - input_buffer: []V - output_buffer: []V +type ChallengerChip struct { + api frontend.API + field frontend.API + poseidonChip PoseidonChip + spongeState [SPONGE_WIDTH]GoldilocksElement + inputBuffer []GoldilocksElement + outputBuffer []GoldilocksElement } -func NewChallenger() Challenger { - var sponge_state [SPONGE_WIDTH]V - for i := 0; i < SPONGE_WIDTH; i++ { - sponge_state[i] = 0 - } - return Challenger { - sponge_state: sponge_state, - input_buffer: []V{}, - output_buffer: []V{}, +func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip PoseidonChip) *ChallengerChip { + var spongeState [SPONGE_WIDTH]GoldilocksElement + var inputBuffer []GoldilocksElement + var outputBuffer []GoldilocksElement + return &ChallengerChip{ + api: api, + field: field, + poseidonChip: poseidonChip, + spongeState: spongeState, + inputBuffer: inputBuffer, + outputBuffer: outputBuffer, } } -func (c *Challenger) observe_elements(elements []V) { - for _, element := range elements { - c.observe_element(element) +func (c *ChallengerChip) ObserveElement(element GoldilocksElement) { + c.outputBuffer = clearBuffer(c.outputBuffer) + c.inputBuffer = append(c.inputBuffer, element) + if len(c.inputBuffer) == SPONGE_RATE { + c.duplexing() } } -func (c *Challenger) observe_hash(hash []V) { - c.observe_elements(hash) +func (c *ChallengerChip) ObserveElements(elements []GoldilocksElement) { + for i := 0; i < len(elements); i++ { + c.ObserveElement(elements[i]) + } } -func (c *Challenger) observe_element(element V) { - c.output_buffer = V[]{} - c.input_buffer = append(c.input_buffer, element) - if len(c.input_buffer) == SPONGE_RATE { - c.duplexing() - } +func (c *ChallengerChip) ObserveHash(hash HashOutput) { + c.ObserveElements(hash[:]) } -func (c *Challenger) observe_cap(cap [][]V) { - for _, hash := range cap { - c.observe_hash(hash) +func (c *ChallengerChip) ObserveCap(cap []HashOutput) { + for i := 0; i < len(cap); i++ { + c.ObserveHash(cap[i]) } } -func (c *Challenger) duplexing() { - if len(c.input_buffer) > SPONGE_RATE { panic("buffer too large") } - - for i, input := range c.input_buffer { - c.sponge_state[i] = input +func (c *ChallengerChip) GetChallenge() GoldilocksElement { + if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 { + c.duplexing() } - c.input_buffer = V[]{} - c.sponge_state = poseidon(c.sponge_state) + challenge := c.outputBuffer[len(c.outputBuffer)-1] + c.outputBuffer = c.outputBuffer[:len(c.outputBuffer)-1] - c.output_buffer = c.sponge_state[:SPONGE_RATE] + return challenge } -func (c *Challenger) get_challenge() V { - if len(c.input_buffer) > 0 || len(c.output_buffer) == 0 { - c.duplexing() +func (c *ChallengerChip) GetNChallenges(n int) []GoldilocksElement { + challenges := make([]GoldilocksElement, n) + for i := 0; i < n; i++ { + challenges[i] = c.GetChallenge() } - result := c.output_buffer[len(c.output_buffer) - 1] - c.output_buffer = c.output_buffer[:len(c.output_buffer) - 1] - return result + return challenges } -func (c *Challenger) get_n_challenges(n int) []V { - result := make([]V, n) - for i := 0; i < n; i++ { - result[i] = c.get_challenge() +func clearBuffer(buffer []GoldilocksElement) []GoldilocksElement { + return make([]GoldilocksElement, 0) +} + +func (c *ChallengerChip) duplexing() { + if len(c.inputBuffer) > SPONGE_RATE { + fmt.Println(len(c.inputBuffer)) + panic("something went wrong") + } + for i := 0; i < len(c.inputBuffer); i++ { + c.spongeState[i] = c.inputBuffer[i] + } + c.inputBuffer = clearBuffer(c.inputBuffer) + c.spongeState = c.poseidonChip.Poseidon(c.spongeState) + clearBuffer(c.outputBuffer) + for i := 0; i < poseidon.SPONGE_RATE; i++ { + c.outputBuffer = append(c.outputBuffer, c.spongeState[i]) + // c.outputBuffer[i] = c.spongeState[i] } - return result } diff --git a/plonky2_verifier/challenger_test.go b/plonky2_verifier/challenger_test.go new file mode 100644 index 0000000..1cb724b --- /dev/null +++ b/plonky2_verifier/challenger_test.go @@ -0,0 +1,117 @@ +package plonky2_verifier + +import ( + . "gnark-ed25519/goldilocks" + . "gnark-ed25519/poseidon" + "gnark-ed25519/utils" + "testing" + + "github.com/consensys/gnark-crypto/ecc" + "github.com/consensys/gnark/frontend" + "github.com/consensys/gnark/test" +) + +var testCurve = ecc.BN254 + +type TestChallengerCircuit struct { + PublicInputs [3]frontend.Variable + CircuitDigest [4]frontend.Variable + WiresCap [16][4]frontend.Variable +} + +func (circuit *TestChallengerCircuit) Define(api frontend.API) error { + goldilocksApi := NewGoldilocksAPI(api) + poseidonChip := NewPoseidonChip(api, goldilocksApi) + challengerChip := NewChallengerChip(api, goldilocksApi, *poseidonChip) + + var circuitDigestGoldilocks [4]GoldilocksElement + for i := 0; i < 4; i++ { + circuitDigestGoldilocks[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(GoldilocksElement) + } + + var publicInputsGoldilocks [3]GoldilocksElement + for i := 0; i < 3; i++ { + publicInputsGoldilocks[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(GoldilocksElement) + } + + var wiresCapGoldilocks [16][4]GoldilocksElement + for i := 0; i < 16; i++ { + for j := 0; j < 4; j++ { + wiresCapGoldilocks[i][j] = goldilocksApi.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(GoldilocksElement) + } + } + + publicInputHash := poseidonChip.HashNoPad(publicInputsGoldilocks[:]) + challengerChip.ObserveHash(circuitDigestGoldilocks) + challengerChip.ObserveHash(publicInputHash) + challengerChip.ObserveCap(wiresCapGoldilocks[:]) + + nbChallenges := 2 + plonkBetas := challengerChip.GetNChallenges(nbChallenges) + plonkGammas := challengerChip.GetNChallenges(nbChallenges) + + var expectedPlonkBetas [2]frontend.Variable + expectedPlonkBetas[0] = frontend.Variable("4678728155650926271") + expectedPlonkBetas[1] = frontend.Variable("13611962404289024887") + + var expectedPlonkGammas [2]frontend.Variable + expectedPlonkGammas[0] = frontend.Variable("13237663823305715949") + expectedPlonkGammas[1] = frontend.Variable("15389314098328235145") + + for i := 0; i < 2; i++ { + goldilocksApi.AssertIsEqual( + plonkBetas[i], + goldilocksApi.FromBinary(api.ToBinary(expectedPlonkBetas[i])).(GoldilocksElement), + ) + goldilocksApi.AssertIsEqual( + plonkGammas[i], + goldilocksApi.FromBinary(api.ToBinary(expectedPlonkGammas[i])).(GoldilocksElement), + ) + } + + return nil +} + +func TestChallengerWitness(t *testing.T) { + assert := test.NewAssert(t) + + testCase := func(publicInputs [3]frontend.Variable, circuitDigest [4]frontend.Variable, wiresCap [16][4]frontend.Variable) { + circuit := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap} + witness := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap} + err := test.IsSolved(&circuit, &witness, testCurve.ScalarField()) + assert.NoError(err) + } + + publicInputsStr := []string{"0", "1", "3736710860384812976"} + circuitDigestStr := []string{"7754113318730736048", "18436136620016916513", "18054530212389526288", "5893739326632906028"} + wiresCapStr := [][]string{ + {"13884351014873073118", "5174249846243191862", "2208632528791973868", "1071582828677910652"}, + {"11475361245556894879", "14867351574926692044", "17013374066934071379", "1027671036932569748"}, + {"5604634992452399010", "3684464596850094189", "5565599237356852406", "4136295609943151014"}, + {"8463721840990025805", "5922588965472526198", "8096699027533803435", "2210089353004111478"}, + {"17531628199677307555", "11513452064460680964", "1482441508929181375", "5139566233781982440"}, + {"13271417993289093233", "17257193898955790413", "16883807866578566670", "7423179920948669117"}, + {"13462567520785358202", "15555103598281658890", "5859961276885232601", "4464568704709749394"}, + {"153012620162729043", "14072764618167122665", "3025694603779494447", "15948104906680148838"}, + {"18050235253694287284", "11467396424826912141", "11302553396166323353", "10976271719722841224"}, + {"15208241660644051470", "8520722208187871063", "10775022596056682771", "16048513824198271730"}, + {"6929477084755896240", "11382029470138215117", "13205948643259905511", "9421863267852221772"}, + {"15449187573546292268", "10216729601353604194", "9493934392442974211", "9848643714440191835"}, + {"2172475758127444753", "16681095938683502188", "9983383760611275566", "2603547977557388755"}, + {"17440301588003279095", "11799356585691460705", "1386003375936412946", "11059100806278290279"}, + {"10758265002546797581", "1374136260999724547", "7200401521491969338", "219493657547391496"}, + {"5995963332181008902", "4442996285152250372", "2005936434281221193", "6869325719052666642"}, + } + + var publicInputs [3]frontend.Variable + var circuitDigest [4]frontend.Variable + var wiresCap [16][4]frontend.Variable + + copy(publicInputs[:], utils.StrArrayToFrontendVariableArray(publicInputsStr)) + copy(circuitDigest[:], utils.StrArrayToFrontendVariableArray(circuitDigestStr)) + for i := 0; i < len(wiresCapStr); i++ { + copy(wiresCap[i][:], utils.StrArrayToFrontendVariableArray(wiresCapStr[i])) + } + + testCase(publicInputs, circuitDigest, wiresCap) +} diff --git a/poseidon/poseidon.go b/poseidon/poseidon.go index 8f73464..a77df7f 100644 --- a/poseidon/poseidon.go +++ b/poseidon/poseidon.go @@ -18,14 +18,14 @@ const SPONGE_WIDTH = 12 const SPONGE_RATE = 8 type PoseidonState = [WIDTH]GoldilocksElement +type HashOutput = [4]GoldilocksElement type PoseidonChip struct { api frontend.API field frontend.API } -func Poseidon(api frontend.API, field frontend.API, input PoseidonState) PoseidonState { - chip := &PoseidonChip{api: api, field: field} - return chip.Poseidon(input) +func NewPoseidonChip(api frontend.API, field frontend.API) *PoseidonChip { + return &PoseidonChip{api: api, field: field} } func (c *PoseidonChip) Poseidon(input PoseidonState) PoseidonState { @@ -37,6 +37,37 @@ func (c *PoseidonChip) Poseidon(input PoseidonState) PoseidonState { return state } +func (c *PoseidonChip) HashNToMNoPad(input []GoldilocksElement, nbOutputs int) []GoldilocksElement { + var state PoseidonState + + for i := 0; i < len(input); i += SPONGE_RATE { + for j := 0; j < SPONGE_RATE; j++ { + if i+j < len(input) { + state[j] = input[i+j] + } + } + state = c.Poseidon(state) + } + + var outputs []GoldilocksElement + + for { + for i := 0; i < SPONGE_RATE; i++ { + outputs = append(outputs, state[i]) + if len(outputs) == nbOutputs { + return outputs + } + } + state = c.Poseidon(state) + } +} + +func (c *PoseidonChip) HashNoPad(input []GoldilocksElement) HashOutput { + var hash [4]GoldilocksElement + copy(hash[:], c.HashNToMNoPad(input, 4)) + return hash +} + func (c *PoseidonChip) fullRounds(state PoseidonState, roundCounter *int) PoseidonState { for i := 0; i < HALF_N_FULL_ROUNDS; i++ { state = c.constantLayer(state, roundCounter) diff --git a/poseidon/poseidon_test.go b/poseidon/poseidon_test.go index ab6f635..ecd7253 100644 --- a/poseidon/poseidon_test.go +++ b/poseidon/poseidon_test.go @@ -2,18 +2,15 @@ package poseidon import ( . "gnark-ed25519/goldilocks" - "math/big" + "gnark-ed25519/utils" "testing" - "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark/backend/groth16" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend/cs/r1cs" "github.com/consensys/gnark/test" ) -var testCurve = ecc.BN254 - type TestPoseidonCircuit struct { In [12]frontend.Variable Out [12]frontend.Variable @@ -28,7 +25,8 @@ func (circuit *TestPoseidonCircuit) Define(api frontend.API) error { input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(GoldilocksElement) } - output := Poseidon(api, goldilocksApi, input) + chip := NewPoseidonChip(api, goldilocksApi) + output := chip.Poseidon(input) // Check that output is correct for i := 0; i < 12; i++ { @@ -44,66 +42,39 @@ func (circuit *TestPoseidonCircuit) Define(api frontend.API) error { func TestPoseidonWitness(t *testing.T) { assert := test.NewAssert(t) - testCase := func(inBigInt [12]big.Int, outBigInt [12]big.Int) { - var in [12]frontend.Variable - var out [12]frontend.Variable - - for i := 0; i < 12; i++ { - in[i] = inBigInt[i] - out[i] = outBigInt[i] - } - + testCase := func(in [12]frontend.Variable, out [12]frontend.Variable) { circuit := TestPoseidonCircuit{In: in, Out: out} witness := TestPoseidonCircuit{In: in, Out: out} err := test.IsSolved(&circuit, &witness, testCurve.ScalarField()) assert.NoError(err) } - inStr := [12]string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"} - outStr := [12]string{ + inStr := []string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"} + outStr := []string{ "4330397376401421145", "14124799381142128323", "8742572140681234676", "14345658006221440202", "15524073338516903644", "5091405722150716653", "15002163819607624508", "2047012902665707362", "16106391063450633726", "4680844749859802542", "15019775476387350140", "1698615465718385111", } - - var inBigInt [12]big.Int - var outBigInt [12]big.Int - - for i := 0; i < 12; i++ { - inTmp := new(big.Int) - inTmp, _ = inTmp.SetString(inStr[i], 10) - inBigInt[i] = *inTmp - - outTmp := new(big.Int) - outTmp, _ = outTmp.SetString(outStr[i], 10) - outBigInt[i] = *outTmp - } - - testCase(inBigInt, outBigInt) + var in [12]frontend.Variable + var out [12]frontend.Variable + copy(in[:], utils.StrArrayToFrontendVariableArray(inStr)) + copy(out[:], utils.StrArrayToFrontendVariableArray(outStr)) + testCase(in, out) } func TestPoseidonProof(t *testing.T) { - inStr := [12]string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"} - outStr := [12]string{ + inStr := []string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"} + outStr := []string{ "4330397376401421145", "14124799381142128323", "8742572140681234676", "14345658006221440202", "15524073338516903644", "5091405722150716653", "15002163819607624508", "2047012902665707362", "16106391063450633726", "4680844749859802542", "15019775476387350140", "1698615465718385111", } - var in [12]frontend.Variable var out [12]frontend.Variable - - for i := 0; i < 12; i++ { - inTmp := new(big.Int) - inTmp, _ = inTmp.SetString(inStr[i], 10) - in[i] = *inTmp - - outTmp := new(big.Int) - outTmp, _ = outTmp.SetString(outStr[i], 10) - out[i] = *outTmp - } + copy(in[:], utils.StrArrayToFrontendVariableArray(inStr)) + copy(out[:], utils.StrArrayToFrontendVariableArray(outStr)) circuit := TestPoseidonCircuit{In: in, Out: out} assignment := TestPoseidonCircuit{In: in, Out: out} diff --git a/poseidon/public_inputs_hash_test.go b/poseidon/public_inputs_hash_test.go new file mode 100644 index 0000000..b7de618 --- /dev/null +++ b/poseidon/public_inputs_hash_test.go @@ -0,0 +1,60 @@ +package poseidon + +import ( + . "gnark-ed25519/goldilocks" + "gnark-ed25519/utils" + "testing" + + "github.com/consensys/gnark-crypto/ecc" + "github.com/consensys/gnark/frontend" + "github.com/consensys/gnark/test" +) + +var testCurve = ecc.BN254 + +type TestPublicInputsHashCircuit struct { + In [3]frontend.Variable + Out [4]frontend.Variable +} + +func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error { + goldilocksApi := NewGoldilocksAPI(api) + + // BN254 -> Binary(64) -> GoldilocksElement + var input [3]GoldilocksElement + for i := 0; i < 3; i++ { + input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(GoldilocksElement) + } + + poseidonChip := &PoseidonChip{api: api, field: goldilocksApi} + output := poseidonChip.HashNoPad(input[:]) + + // Check that output is correct + for i := 0; i < 4; i++ { + goldilocksApi.AssertIsEqual( + output[i], + goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(GoldilocksElement), + ) + } + + return nil +} + +func TestPublicInputsHashWitness(t *testing.T) { + assert := test.NewAssert(t) + + testCase := func(in [3]frontend.Variable, out [4]frontend.Variable) { + circuit := TestPublicInputsHashCircuit{In: in, Out: out} + witness := TestPublicInputsHashCircuit{In: in, Out: out} + err := test.IsSolved(&circuit, &witness, testCurve.ScalarField()) + assert.NoError(err) + } + + inStr := []string{"0", "1", "3736710860384812976"} + outStr := []string{"8416658900775745054", "12574228347150446423", "9629056739760131473", "3119289788404190010"} + var in [3]frontend.Variable + var out [4]frontend.Variable + copy(in[:], utils.StrArrayToFrontendVariableArray(inStr)) + copy(out[:], utils.StrArrayToFrontendVariableArray(outStr)) + testCase(in, out) +} diff --git a/utils/utils.go b/utils/utils.go new file mode 100644 index 0000000..d02085a --- /dev/null +++ b/utils/utils.go @@ -0,0 +1,25 @@ +package utils + +import ( + "math/big" + + "github.com/consensys/gnark/frontend" +) + +func StrArrayToBigIntArray(input []string) []big.Int { + var output []big.Int + for i := 0; i < len(input); i++ { + a := new(big.Int) + a, _ = a.SetString(input[i], 10) + output = append(output, *a) + } + return output +} + +func StrArrayToFrontendVariableArray(input []string) []frontend.Variable { + var output []frontend.Variable + for i := 0; i < len(input); i++ { + output = append(output, frontend.Variable(input[i])) + } + return output +}